VERSION MARKED TO SHOW CHANGES MADE

METHOD FOR SETTING UP SECURE CONNECTIONS 

FIELD OF THE INVENTION 

The present invention is related to connections in IP (Internet Protocol) based
networks, especially connections according to the IPSec protocol. Specifically, the invention
is directed to a method [according to the first independent method claim.] for providing
authentication for setting up secure connections between a plurality of network nodes
comprising at least the steps of placing a collection of accepted certificates comprising at least
one accepted certificate available for other nodes by said first node, importing said collection
by at least one other node than said first node, setting up of at least one secure connection by
at least one of said at least one other node to a destination node whose certificate was
imported as a part of said collection, and automatically accepting the authenticity of said
destination node.

BACKGROUND OF THE INVENTION [Description of Related Art]

The basic protocols used in the Internet, namely the IP protocol (IP) and [TCP]
Transmission Control Protocol (TCP), were created in an environment^] where security was
not a concern. Consequently, the security of a basic TCP/IP network is very poor if not
practically nonexistent, if no further measures are taken. Many different approaches to
improve the security of TCP/IP networks have been taken. One of the most popular
techniques is the IPSec protocol (IPSec) which, at the time of writing this application, has
established itself as an industry standard. The IPSec protocol provides a framework for
establishing, using, and terminating secure connections over untrusted networks. The IPSec
protocol does not strictly define which encryption methods are used. The encryption method
is negotiated by the communicating parties during setup of a connection, which allows [the]
change and improvement of encryption methods without breaking the IPSec protocol itself.
IPSec is, by construction, a unidirectional protocol. For two-way communication, two
communications channels must be set up, one for each direction. The IPSec protocol is
described in further detail in the reference [IPSec] (RFC 2401 by S. Kent & R. Atkinson,
November 1998) and in the documents referred to therein.



METHOD FOR SETTING UP SECURE CONNECTIONS 



FIELD OF THE INVENTION 

The present invention is related to connections in IP (Internet Protocol) based 
networks, especially connections according to the IPSec protocol. Specifically, the invention 
is directed to a method for providing authentication for setting up secure connections between 
a plurality of network nodes comprising at least the steps of placing a collection of accepted
certificates comprising at least one accepted certificate available for other nodes by said first
node, importing said collection by at least one other node than said first node, setting up of at
least one secure connection by at least one of said at least one other node to a destination
node whose certificate was imported as a part of said collection, and automatically accepting
the authenticity of said destination node.

BACKGROUND OF THE INVENTION

The basic protocols used in the Internet, namely the IP protocol (IP) and Transmission 
Control Protocol (TCP), were created in an environment where security was not a concern. 
Consequently, the security of a basic TCP/IP network is very poor if not practically 
nonexistent, if no further measures are taken. Many different approaches to improve the 
security of TCP/IP networks have been taken. One of the most popular techniques is the 
IPSec protocol (IPSec) which, at the time of writing this application, has established itself as 
an industry standard. The IPSec protocol provides a framework for establishing, using, and 
terminating secure connections over untrusted networks. The IPSec protocol does not strictly 
define which encryption methods are used. The encryption method is negotiated by the 
communicating parties during setup of a connection, which allows change and improvement 
of encryption methods without breaking the IPSec protocol itself. IPSec is, by construction, a 
unidirectional protocol. For two-way communication, two communications channels must be 
set up, one for each direction. The IPSec protocol is described in further detail in the 
reference (RFC 2401 by S. Kent & R. Atkinson, November 1998) and in the documents 
referred to therein. 



